Nico

Ok... Added the "setcred_in_auth" and didn't seem to change the log at all..

(login)
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): entry:
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): exit: success
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): entry:
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): exit: success
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 800047 auth.info] Accepted password for mdbaker from XXX.XXX.XXX.XXX port 35978 ssh2
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): entry:
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): chown(): Not owner
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): exit: failure
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 993013 auth.debug] pam_sm_setcred(): no module data

(logout)
Nov 29 11:29:26 joint sshd[484]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module
Nov 29 11:29:26 joint sshd[484]: [ID 833576 auth.debug] pam_setcred: error Permission denied

No the cache file does not exist... One other interesting item... If it does exist, it gets deleted... That is not right... ;)

See-ya
Mitch

At 11:08 AM 11/29/2001 -0500, you wrote:
>On Thu, Nov 29, 2001 at 09:18:33AM -0600, Steve Langasek wrote:
> > On Thu, Nov 29, 2001 at 09:50:51AM -0500, Mitchell Baker wrote:
> > > Authenticating but NOT setting up credential cache
> > > Solaris 8
> > > OpenSSH_3.0.1p1
> > > MIT KRB5 1.2.2
> >
> > > The pam.conf is the same on both and so is the sshd_config
> >
> > > Do have the debug option on with the pam_krb5. Here is more of the logs.
> > > With logout...
> >
> > > Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): entry:
> > > Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): exit: success
> > > Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): entry:
> > > Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): exit: success
> > > Nov 29 08:04:26 system sshd[880]: [ID 800047 auth.info] Accepted password for mdbaker from xxx.xxx.xxx.xxx port 35740 ssh2
> > > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): entry:
> > > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): chown(): Not owner
> > > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): exit: failure
> > > Nov 29 08:04:26 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module
> > > Nov 29 08:04:26 system sshd[880]: [ID 993013 auth.debug] pam_sm_setcred(): no module data
> > > Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module
> > > Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error Permission denied
> >
> > Hmm. Sounds like something has changed in OpenSSH 3.0.1p1 wrt the order
> > of setuid() and pam_setcred() calls.
>
>Indeed, it sounds that way.
>
> > Nico, is this our bug or theirs?
>
>Still looking. Remember, I don't use the latest pam_krb5, yet...
>
>Something looks off though, "... pam_sm_setcred(): no module data"... Is
>OpenSSH perhaps using a different pam handle for the setcred?
>
>Mitchell,
>
>Can you try adding the "setcred_in_auth" option to auth pam_krb5 line?
>
>Also, does a /tmp/krb5cc_<uid> already exist and is it owned by a user
>other than the user you're logging in as?
>
> > Steve Langasek
> > postmodern programmer
>
>Nico

/####################################################################/
/# Mitchell "Buzz" Baker            "To Infinity And Beyond..."     #/
/# Sr. Systems Admin        Rose-Hulman Institute of Technology     #/
/# Mitchell.D.Baker@rose-hulman.edu         www.rose-hulman.edu     #/
/# For PGP Public key, check out www.keyserver.net                  #/
/####################################################################/